Comment 7 for bug 189298

I suspect that it is the weird path in the HTTP address that confuses
Pandion. I have now rewritten my internal http server so that files
are "mounted" at its virtual file system so that no "../" will be seen
anymore. This is (was) a security risk since an evil client can get
files from anywhere on your local disk if it guesses the right
relative file path. I still allow this but can switch off it any time
now since oob isn't depending on it anymore.

This time I even tested it with both clients on an XP box. Tested also
encoding names as "My (new) $hej.txt".

On 2/14/08, clarf <email address hidden> wrote:
> I send some test files from Coccinella to Pandion and Coccinella doesn´t
> show any error. The bug track is:
>
> SEND: <iq type='set' id='1019' <email address hidden>/Pandion'><query
> xmlns='jabber:iq:oob'><url>http://192.168.236.2:8077/../../../../../../../C:/Documents%20and%20Settings/Andres/Mis%20documentos/peoplesoft/Portal%20docs/portal_roi_wp.pdf</url></query></iq>
> SEND:
>
> SEND: <iq type='set' id='1020' <email address hidden>/Pandion'><query
> xmlns='jabber:iq:oob'><url>http://192.168.236.2:8077/../../../../../../../C:/Documents%20and%20Settings/Andres/Mis%20documentos/peoplesoft/Portal%20docs/portal_roi_wp.pdf</url></query></iq>
>
> But from Pandion point of view there is a transmission error.
>
> Pandion users can´t receive Coccinella files, with the 2008-02-08
> breakfast versión.
>
> --
> Application error when drag file to coccinella contact
> https://bugs.launchpad.net/bugs/189298
> You received this bug notification because you are a member of
> Coccinella, which is the bug contact for Coccinella.
>